Export limit exceeded: 361176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361176 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-49109 | 2 Crmperks, Wordpress | 2 Integration For Salesforce And Contact Form 7, Wpforms, Elementor, Ninja Forms, Wordpress | 2026-06-26 | 9.8 Critical |
| Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions. | ||||
| CVE-2026-49766 | 2 Wordpress, Wpusermanager | 2 Wordpress, Wp User Manager | 2026-06-26 | 9.9 Critical |
| Subscriber Arbitrary File Deletion in WP User Manager <= 2.9.16 versions. | ||||
| CVE-2026-49770 | 2 Wordpress, Wptravelengine | 2 Wordpress, Wp Travel Engine | 2026-06-26 | 9.8 Critical |
| Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions. | ||||
| CVE-2026-49775 | 2 Welcart, Wordpress | 2 Welcart E-commerce, Wordpress | 2026-06-26 | 6.5 Medium |
| Unauthenticated Broken Access Control in Welcart e-Commerce <= 2.11.28 versions. | ||||
| CVE-2026-49776 | 2 John-dagelmore, Wordpress | 2 Gptranslate – Multilingual Ai Translation For Wordpress: Automatically Translate Websites, Wordpress | 2026-06-26 | 9.3 Critical |
| Unauthenticated SQL Injection in GPTranslate – Multilingual AI Translation for WordPress: Automatically Translate Websites <= 2.32.6 versions. | ||||
| CVE-2026-52703 | 2 Ninjateam, Wordpress | 2 Fastdup, Wordpress | 2026-06-26 | 9.6 Critical |
| Unauthenticated Path Traversal in FastDup <= 2.7.2 versions. | ||||
| CVE-2026-52714 | 2 Squirrly, Wordpress | 2 Seo Plugin By Squirrly Seo, Wordpress | 2026-06-26 | 7.5 High |
| Unauthenticated Broken Access Control in SEO Plugin by Squirrly SEO <= 12.4.16 versions. | ||||
| CVE-2026-49772 | 2 Stellarwp, Wordpress | 2 The Events Calendar, Wordpress | 2026-06-26 | 9.3 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2. | ||||
| CVE-2026-35318 | 2 Oracle, Orcacle | 2 Webcenter Sites, Webcenter Sites | 2026-06-26 | 8.8 High |
| Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Sites. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2026-46783 | 1 Oracle | 2 Webcenter Content, Webcenter Content Imaging | 2026-06-26 | 9.8 Critical |
| Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise WebCenter Content: Imaging. Successful attacks of this vulnerability can result in takeover of WebCenter Content: Imaging. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2026-10823 | 2026-06-26 | N/A | ||
| The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts. | ||||
| CVE-2026-11702 | 2026-06-26 | N/A | ||
| Bytes::Random::Secure::Tiny versions through 1.011 for Perl share internal state across forked processes. When an object is initialised before forking, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes. | ||||
| CVE-2026-11625 | 2026-06-26 | N/A | ||
| Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced. Secrets generated in multiprocess applications are predictable across processes. | ||||
| CVE-2025-10268 | 2026-06-26 | N/A | ||
| The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server. | ||||
| CVE-2026-46784 | 1 Oracle | 2 Webcenter Content, Webcenter Content Imaging | 2026-06-26 | 9.1 Critical |
| Vulnerability in the WebCenter Content: Imaging product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise WebCenter Content: Imaging. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all WebCenter Content: Imaging accessible data as well as unauthorized access to critical data or complete access to all WebCenter Content: Imaging accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2026-12348 | 1 The Browsercompany Of New York | 1 Arcsearch | 2026-06-26 | 7.4 High |
| Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing. | ||||
| CVE-2026-1869 | 2026-06-26 | 6.5 Medium | ||
| The User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder plugin for WordPress is vulnerable to unauthorized modification of data due to missing validation checks in the confirm_payment() function in all versions up to, and including, 5.2.0. This makes it possible for unauthenticated attackers to bypass payment processing and activate paid memberships. | ||||
| CVE-2026-12256 | 2 Theme-fusion, Wordpress | 2 Avada, Wordpress | 2026-06-26 | 8.8 High |
| Contributor PHP Object Injection in Avada <= 3.15.3 versions. | ||||
| CVE-2026-39433 | 2 Mojoomla, Wordpress | 2 Wpams Plugin, Wordpress | 2026-06-26 | 6.5 Medium |
| Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions. | ||||
| CVE-2026-39539 | 2 Edge-themes, Wordpress | 2 Alloggio Hotel Booking, Wordpress | 2026-06-26 | 8.1 High |
| Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions. | ||||